Sunday, July 24, 2011

Cisco CME with 3rd party SIP phones

Had to configure a Cisco Callmanager Express to accept connections from 3rd party SIP phones via the Internet. The SIP phones need to reach each other, their voicemail and PSTN phones via ISDN breakout.
Keep in mind that, as always, public IP's have been changed to private ones. Phone numbers are also fake. Signalling & RTP communication is NOT encrypted in this example! Be aware of that! You could tunnel this traffic through a VPN. Registration would then work too & everything should be fine (except for the additional delays ...). ISDN configuration is for German PSTN, but you should be able to modify it for your needs. If you have trouble to get this to work, try this debug commands:

debug ccsip all (Be carefull, some phones fire off over 20 register requests per second. This usually only happens if the phone is not able to register, but it might freeze your router. This is not a theoretically option!)
debug voice register errors
debug voice register events

Check your systems firewall settings if you use software phones. Might be a good idea to deactivate it temporarily for verifying functionality.

At first I would try to use the X-Lite client. That's a client that usually always works first. Most tolerant one for NAT issues. In general almost any third party SIP client, even IPhones, should work in this implementation. Before delivering such a solution you should always verify functionality thoroughly. Some problems arise after a longer period of time because of timeouts etc..
This is only a short abstract. If you have any suggestions or coments - feel free to post them.

Overview
Configuration of Cisco Callmanager Express

sipgateway#sh run
Building configuration...


Current configuration : 8775 bytes
!
version 15.1
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname sipgateway
!
boot-start-marker
boot system flash:c2900-universalk9-mz.SPA.151-4.M1.bin
boot-end-marker
!
!
logging buffered 100000
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
clock timezone MEZ 1 0
clock summer-time MESZ recurring last Sun Mar 2:00 last Sun Oct 3:00
network-clock-participate wic 0
network-clock-select 1 BRI0/0/1
!
no ipv6 cef
no ip source-route
ip cef
!
!
!
!
!
ip domain name lab.local
ip name-server 172.20.21.5
multilink bundle-name authenticated
!
!
!
!
isdn switch-type basic-net3
!
voice-card 0
 dsp services dspfarm
!
!
voice call disc-pi-off
!
voice service voip
 allow-connections sip to sip
 redirect ip2ip
 fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
 sip
  bind control source-interface GigabitEthernet0/0
  bind media source-interface GigabitEthernet0/0
  registrar server expires max 600 min 60
  no call service stop
!
voice class codec 10
 codec preference 1 g711ulaw
!
!
voice register global
 mode cme
 source-address 172.20.21.165 port 5060
 max-dn 35
 max-pool 10
 authenticate register ==> This is needed, because phones are not localy connected.
 authenticate realm lab.local ==> This is needed by some SIP phones to switch to digest auth.
 timezone 21
 time-format 24
 date-format D/M/Y
 voicemail 88888888
 tftp-path flash:
 create profile sync 0429414478545137
!
voice register dn  1
 number 12344887
 call-forward b2bua unregistered 88888888 
 allow watch
 name Test1
 label 12344887
 mwi
!
voice register dn  2
 number 12344898
 allow watch
 name Test2
 label 12344898
 mwi
!
voice register dn  4
 number 12344971
 call-forward b2bua unregistered 88888888 
 allow watch
 name Test4
 label 12344971
 mwi
!
voice register dn  5
 number 12341453
 allow watch
 name Test5
 label 12341453
 mwi
!
voice register dn  7
 number 12341455
 allow watch
 name Test7
 label 12341455
 mwi
!
voice register pool  1
 id mac 0000.0000.0000 ==> Mac is irrelevant. Auth is now digest based.
 number 1 dn 1
 presence call-list
 dtmf-relay rtp-nte
 username 12344887 password 1234
 codec g711ulaw
!
voice register pool  2
 id mac 0000.0000.0000
 number 1 dn 2
 presence call-list
 dtmf-relay rtp-nte
 username 12344898 password 1234
 codec g711ulaw
!
voice register pool  4
 id mac 0000.0000.0000
 number 1 dn 4
 presence call-list
 dtmf-relay rtp-nte
 username 12344971 password 1234
 codec g711ulaw
!
voice register pool  5
 id mac 0000.0000.0000
 number 1 dn 5
 presence call-list
 dtmf-relay rtp-nte
 username 12341453 password 1234
 codec g711ulaw
!
voice register pool  7
 id mac 0000.0000.0000
 number 1 dn 7
 presence call-list
 dtmf-relay sip-notify
 username 12341455 password 1234
 codec g711ulaw
!
!
!
voice translation-rule 5
 rule 1 /^\(.*\)/ /30\1/ type any national
!
voice translation-rule 10
 rule 1 /^\(.*\)/ /0\1/ type subscriber unknown
 rule 2 /^\(.*\)/ /00\1/ type national unknown
 rule 3 /^\(.*\)/ /000\1/ type international unknown
!
!
voice translation-profile From-PSTN
 translate calling 10
!
voice translation-profile To-PSTN
 translate calling 5
!
!
license udi pid CISCO2901/K9 sn 12341234
license accept end user agreement
hw-module ism 0
!
hw-module pvdm 0/0
!
!
!
username labtest privilege 15 labt3st
!
redundancy
!
!
!
interface Loopback0
 ip address 172.20.20.1 255.255.255.252
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description LAN Interface
 ip address 172.20.21.165 255.255.255.248
 duplex auto
 speed auto
!
interface ISM0/0
 ip unnumbered Loopback0
 service-module ip address 172.20.20.2 255.255.255.252
 !Application: CUE Running on ISM
 service-module ip default-gateway 172.20.20.1
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface ISM0/1
 description Internal switch interface connected to Internal Service Module
 no ip address
 shutdown
!
interface BRI0/0/0
 no ip address
 shutdown
 isdn switch-type basic-net3
 isdn point-to-point-setup
 isdn incoming-voice voice
!
interface BRI0/0/1
 no ip address
 isdn switch-type basic-net3
 isdn point-to-point-setup
 isdn incoming-voice voice
!
ip http server
ip http access-class 24
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip http path flash:
!
ip route 0.0.0.0 0.0.0.0 172.20.21.161
ip route 172.20.20.2 255.255.255.255 ISM0/0
!
!
!
!
!
control-plane
!
!
voice-port 0/0/0
 compand-type a-law
 cptone DE
 bearer-cap Speech
!
voice-port 0/0/1
 compand-type a-law
 cptone DE
 bearer-cap Speech
!
!
dial-peer voice 1 pots
 description ISDN
 translation-profile incoming From-PSTN
 translation-profile outgoing To-PSTN
 destination-pattern 0.T
 incoming called-number .
 direct-inward-dial
 port 0/0/1
!
dial-peer voice 5 voip
 destination-pattern 88888888
 session protocol sipv2
 session target ipv4:172.20.20.2
 incoming called-number .
 voice-class codec 10 
 dtmf-relay sip-notify
 no vad
!
!
gateway
 timer receive-rtp 1200
!
sip-ua
!
end

sipgateway#        

Verify registration

sipgateway#sh sip-ua status registrar
Line          destination      expires(sec)  contact
transport     call-id
              peer
============================================================
12341455      172.20.22.52     597           172.20.22.52
UDP           g7ngEr-P2hu1kPJ6mDgWP8FNWrPJDIql             
              40002

These are the phone configs I tested:


Android CSipSimple Settings
 Accountname: 12344971
 Send own number: 12344971
 SIP Server: 172.20.21.165
 Username: 12344971
 Password: 1234
 Proxy: 172.20.21.165


Phoner Lite Settings
 Configuration -> Server
  Proxy/registrar: 172.20.21.165
  STUN Server: stun.counterpath.com
  Domain/Realm: 172.20.21.165
  Check Registration
 Configuration -> User
  Username: 12341453
  Shown username: 12341453
  Password: 1234
  Authentication name: 12341453
  Number: 12341453
 Configuration -> Network
  Check preferred connection type: UDP
  Check Windows Firewall

Xlite (ver 4.0) settings
 Softphone -> Account Settings -> Account
  Check allow this account for call
  User ID: 12341453
  Domain: 172.20.21.165
  Password: 1234
  Authorization name: 12341453
  Check Domain Proxy to register with Domain and receive calls
  Check outbound via domain
 Softphone -> Account Settings -> Topology
  Autodetect firewall traversal method using ICE
 Softphone -> Preferences -> Advanced
  Check send DTMF via RFC2833

Snom 360 Settings
 Identity1
  Login
   Account: 12344887
   Password: 1234
   Registrar: 172.20.21.165
   Authentication Username: 12344887
  SIP
   Check Support broken Registrar
  NAT
   Check Offer ICE
   STUN Server: stun.counterpath.com

3 comments:

Samuel Dokowe said...

Hey, I tried your approach on my CME and it didn't work with the mac 0000.000.000, you have to use the mac address for the phone.

Thank s though.

Unknown said...

On newer versions of CME the "id mac 0000.0000.000" no longer works. In your example you would have to do "id device-id-name 12344887" where 12344887 was your username.

Farrukh said...

how is it going to impact my current cisco sip phones as i did not configure the authenticate register and authenticate realm local under voice register global?